Ransomware Increasingly Attacking Healthcare Industry

Despite billions of dollars and operational continuity in the healthcare at risk, the industry is stymied by both a lack of answers and resources required to adequately defend themselves. Per a May 2016 study from Ponemon Institute, nearly 90% of healthcare organizations have been compromised by at least one malware infection in the past two years. Further the cost of data breaches has now climbed to $4 million Ponemon finds, only half of healthcare organizations feel adequately prepared to prevent the next attack. According to a report done by Health and Human Services, 76% of business leaders likened cyber risk to a natural disaster they were powerless to predict or control.

There are a number of reasons for this reality.

First, healthcare providers offer a rich target for cyber criminals. They rely on up to date information from patient records in order to provide critical client care; without quick access to drug histories, surgery directives, other information, patient care can get delayed or halted.

Further, hospital networks are rarely offline. As a mechanism for enabling operation of connected medical devices including insulin pumps, MRI machines, X-rays, CT/CAT scans, ventilators, pacemakers, defibrillators and microscopes, healthcare providers can ill-afford downtime. This reality means the industry is more likely to pay a ransom rather than impede patient care.

The healthcare industry has lagged behind in its approach to cyber security compared to other network intensive industries like financial services. There are bevy of reasons as to why:

85% of modern healthcare deliverers don’t have a single qualified security person on staff. The industry faces a severe security talent shortage. Moreover, limited education and awareness programs for health care professionals further diminishes the opportunity to enroll “front line” workers in the fight.

82% of healthcare organizations were found to be running on windows legacy versions, with 76% running on Windows 7. HHS Cybersecurity Task Force Report to Congress (May 2017)

40% of all IoT devices are health related devices, which often can’t be patched or managed, and are therefore – like legacy devices –extremely vulnerable to attack.

Less than 6% average of information technology budget expenditures on security, according to the survey from HIMSS Analytics. In contrast, the federal government, financial and banking institutions spend 16% of IT budget on security.Personal health information is 50 times more valuable on the black market than financial information, according to the HIMSS survey.

We’re Here for a Second Opinion
BluVector is a revolutionary early warning system system that uses a unique form of self-adapting machine learning to find and contain advanced cyber threats, at the network edge, in real time. Unlike other machine learning based advanced threat systems which are focused on finding bad actors AFTER they have gotten inside the network, BluVector’s patented Machine Learning Engine makes it possible to analyze 100% of your traffic, at the network edge, in milliseconds. To learn how machine learning can help, request a free 14-day Network Threat Assessment.